Has request validation changed for ASP.NET MVC 2, more precisely, not validating?
I did the following:
Web.configs (in App directory and Views directory)
<pages
validateRequest="false"
Controller/Action Attribute
[ValidateInput(false)]
In @Page View Directive
ValidateRequest="false"
The page still gets validated an exception is thrown when HTML content is posted.
UPDATE
Created a new ASP.NET MVC 2 Application and I modified the Home Controller's Index to this
[ValidateInput(false)]
public ActionResult Index(string InputText)
{
ViewData["Message"] = "Welcome to ASP.NET MVC!";
return View();
}
and my View Page
<% using(Html.BeginForm()){ %>
<%= Html.TextBox("InputText") %>
<input type="submit" />
<% } %>
And still the same issue, an exception is thrown.
I should read the error more carefully next time:
To allow pages to override application request validation settings, set requestValidationMode="2.0" in the configuration section. After setting this value, you can then disable request validation by setting validateRequest="false"
I put this in the application's web.config
<system.web>
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
</system.web>
and it worked.
Update:
I was running ASP.NET 4 thats why :P
Insert obligatory warning about XSS here.
That you decorated the controller (or action) with the ValidateInputAttribute should be enough, as all validation is done at this controller level in ASP.NET MVC
I have just tried this now on an action, and it returns a nice, evil alert() when I output it, so I'd venture a guess that there's something else going on here.
Do you have an HandleErrorAttribute set up anywhere?
来源:https://stackoverflow.com/questions/1648386/request-validation-asp-net-mvc-2